jcw@wdl1.UUCP (John C Williams) (06/30/87)
We herewith report a bug and its fix in gnuemacs (versions 18, 17, and probably others + or -). The problem is in the permissions assigned to the auto-saved version of a file being edited. These permissions ought not to be more than those on the file itself. Currently, however, the permissions will be the logical AND of 0666 and one's default permissions, as defined by one's u-mask. Thus, if one is editing FILE with permissions -rw-------, and one's default permissions are -rw-r--r--, then #FILE# will have permissions -rw-r--r--. One can, of course, redirect #FILE# into a directory with permissions that disallow Group and Other from search, but one shouldn't have to do this. Our solution is to change the auto_save_1 module in fileio.c . Old version: Lisp_Object auto_save_1 () { return Fwrite_region (Qnil, Qnil, bf_cur->auto_save_file_name, Qnil, Qlambda); } New version: Lisp_Object auto_save_1 () { unsigned char *fn; int fd; fn = XSTRING(bf_cur->auto_save_file_name) -> data; fd = creat(fn, 0600); close (fd); return Fwrite_region (Qnil, Qnil, bf_cur->auto_save_file_name, Qnil, Qlambda); } We make the changes here rather than in write-region because write-region is called from other parts of gnuemacs. The result is that when creat is called from write-region, the file into which the auto-save will be done already exists with the restricted permissions. We have been using gnuemacs (version 18) with this fix and have experienced no problems as a consequence. (This is not to be construed as any guarantee whatsoever.) Sincerely, John C. Williams jcw@ford-wdl1.arpa George W. Dinolt Christopher L. Tucci